Runtime verification in distributed embedded systems using requirement based monitoring

Runtime fault detection techniques are necessary in computer systems to detect random operational faults and anomalies. A possible realization of runtime fault detection is runtime verification, which means the precise checking of formalized system requirements that were specified during the design of the system. In safety-critical systems the application of runtime verification supports the reactive fail-safety principle, which requires independent fault detection and bringing the system to a safe state, thereby maintaining safety.

In this work I present a hierarchical monitoring system, which can perform runtime verification both at component and system level. The monitoring system is designed for distributed embedded systems (networks of microcontroller based controllers implementing reactive behavior). Design, verification and code synthesis of these systems can be performed on the basis of formal timed automata models. This way, at component level the basis of runtime verification is formed by the automata, while at the system level it is formed by temporal logic requirements and scenarios specified on the network of automata.

The software source code of the components necessary for monitoring is generated automatically from the models and the formalized system requirements. The background theory of this method is the construction of observer automata which accept only the behavior specified by the requirements. The instrumentation of the application source code needed for observing the running application is also performed in an automated way, on the basis of the requirements. The advantages and novelties of the developed methods and techniques can be summarized as follows:

- The automated instrumentation and monitor synthesis are optimized for the formalized requirements, thereby minimizing the execution time and code size overhead.

- The system-level monitors are able to check branching time temporal logic (instead of linear time temporal logic) properties. This allows the checking of existential properties (for example, the existence of desired behavior) on a set of traces (in particular, the traces produced by executing a test suite during the system testing phase).

- A novel feature of requirement based monitoring is the support of the Live Sequence Chart \cite{LSC2001} formalism. This formalism allows the specification of scenario based requirements in an intuitive way that is close to the engineers' way of thinking.
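As an added illustration (not code from the thesis or its monitoring system), the following C program shows the two ideas above in miniature: a component-level observer automaton that accepts only the behavior a timed requirement specifies, and the difference between a universal check (every trace must satisfy the requirement) and an existential check (some trace in a test suite must exhibit the desired behavior). The requirement, the event alphabet (request, grant, other), the 50 ms deadline and the sample traces are all constructed for this example; the observer has one clock, reset when a request is seen, and an absorbing rejecting location.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Event alphabet of the monitored component (constructed for this example). */
typedef enum { EV_REQUEST, EV_GRANT, EV_OTHER } event_kind_t;

typedef struct {
    event_kind_t kind;
    uint32_t     time_ms;   /* timestamp taken at the instrumentation point */
} event_t;

/* Locations of the observer automaton for the (constructed) requirement
 * "every request is granted within deadline_ms, and no second request is
 * issued while one is pending". ST_VIOLATED is absorbing: once entered,
 * no event can leave it, so the verdict is final. */
typedef enum { ST_IDLE, ST_WAITING, ST_VIOLATED } obs_location_t;

typedef struct {
    obs_location_t loc;
    uint32_t       clock_reset_ms;  /* timestamp at which clock x was reset */
    uint32_t       deadline_ms;     /* guard constant: x <= deadline_ms */
    uint32_t       completed;       /* request/grant pairs completed in time */
} observer_t;

void observer_init(observer_t *o, uint32_t deadline_ms)
{
    o->loc = ST_IDLE;
    o->clock_reset_ms = 0;
    o->deadline_ms = deadline_ms;
    o->completed = 0;
}

/* One transition of the observer. Returns false as soon as the rejecting
 * location is entered, so the caller can raise the fault immediately. */
bool observer_step(observer_t *o, const event_t *ev)
{
    uint32_t x = ev->time_ms - o->clock_reset_ms;   /* current clock value */

    switch (o->loc) {
    case ST_IDLE:
        if (ev->kind == EV_REQUEST) {
            o->loc = ST_WAITING;
            o->clock_reset_ms = ev->time_ms;        /* x := 0 */
        }
        break;
    case ST_WAITING:
        if (ev->kind == EV_GRANT && x <= o->deadline_ms) {
            o->loc = ST_IDLE;                       /* granted in time */
            o->completed++;
        } else if (ev->kind != EV_OTHER || x > o->deadline_ms) {
            o->loc = ST_VIOLATED;  /* late grant, nested request, or deadline
                                      expired while unrelated events passed */
        }
        break;
    case ST_VIOLATED:
        break;
    }
    return o->loc != ST_VIOLATED;
}

/* Run the observer over a whole finite trace, stopping at the first rejection. */
static void run_trace(const event_t *trace, size_t len, uint32_t deadline_ms, observer_t *o)
{
    observer_init(o, deadline_ms);
    for (size_t i = 0; i < len; i++)
        if (!observer_step(o, &trace[i])) break;
}

/* Finite-trace verdict: never rejected and no request left pending at the end. */
bool trace_satisfies(const event_t *trace, size_t len, uint32_t deadline_ms)
{
    observer_t o;
    run_trace(trace, len, deadline_ms, &o);
    return o.loc == ST_IDLE;
}

/* "Desired behavior" for the existential check: at least one handshake completed. */
bool trace_shows_handshake(const event_t *trace, size_t len, uint32_t deadline_ms)
{
    observer_t o;
    run_trace(trace, len, deadline_ms, &o);
    return o.completed > 0;
}

/* Constructed sample traces (timestamps in ms); deadline used below is 50 ms. */
static const event_t trace_good[]   = { {EV_REQUEST, 100}, {EV_OTHER, 120}, {EV_GRANT, 140} };
static const event_t trace_late[]   = { {EV_REQUEST, 200}, {EV_GRANT, 300} };
static const event_t trace_nested[] = { {EV_REQUEST, 0}, {EV_REQUEST, 10}, {EV_GRANT, 20} };
static const event_t trace_quiet[]  = { {EV_OTHER, 0}, {EV_OTHER, 500} };

/* A constructed "test suite": a set of traces checked at system level. */
static const event_t *const suite[] = { trace_good, trace_quiet, trace_late };
static const size_t suite_lens[]    = { 3, 2, 2 };
#define SUITE_SIZE 3
#define DEADLINE_MS 50

/* Universal (linear-time style) check: every trace in the suite must satisfy. */
bool suite_all_satisfy(void)
{
    for (size_t i = 0; i < SUITE_SIZE; i++)
        if (!trace_satisfies(suite[i], suite_lens[i], DEADLINE_MS)) return false;
    return true;
}

/* Existential (branching-time style) check: some trace exhibits the behavior. */
bool suite_some_handshake(void)
{
    for (size_t i = 0; i < SUITE_SIZE; i++)
        if (trace_shows_handshake(suite[i], suite_lens[i], DEADLINE_MS)) return true;
    return false;
}

int main(void)
{
    printf("good=%d late=%d nested=%d quiet=%d\n",
           trace_satisfies(trace_good, 3, DEADLINE_MS), trace_satisfies(trace_late, 2, DEADLINE_MS),
           trace_satisfies(trace_nested, 3, DEADLINE_MS), trace_satisfies(trace_quiet, 2, DEADLINE_MS));
    printf("suite: all satisfy=%d, some handshake=%d\n", suite_all_satisfy(), suite_some_handshake());
    return 0;
}
```

The observer is deterministic and stateless apart from one location, one clock and a counter, which is the shape that keeps the per-event overhead on a microcontroller small; the finite-trace rule (a pending request at the end of a trace counts as unsatisfied) is an assumption of this example, and the suite shows why the quantifier matters: the late trace makes the universal verdict false while the good trace makes the existential verdict true.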

In this paper I present not only the theoretical background and the design of the monitoring system but also its implementation and its first application.